ESP32 Bluetooth Device Tracking with ESPresense + AWS IoT Integration

This tutorial explains how to send ESPresense data from a local instance to the cloud using AWS IoT. It utilizes Mosquitto MQTT, a free and lightweight broker that can run on any machine, to act as a bridge for redirecting messages between ESPresense and AWS IoT.

You will need the following hardware:

1-) ESP32 Board

2-) Micro USB wire to connect to the board (this depends on your computer) I linked one for your reference.

3-) (Optional) 400 Point Breadboard for stability and organization purposes.

Note: Setup an AWS Account before starting.

Step 1-) AWS Setup

Log in to the AWS Management Console. Select the region you want to work in. Why does the region matter? Selecting a region closer to your devices reduces communication delays. If you are working in the US, select US region that is closest to your state, this is where all of your work will remain in AWS.

Navigate to IoT Core → Manage → Things → Create Thing.

Next auto generate a cert

Then create a policy (select the Create Policy option) before proceeding.

Give your policy a descriptive name—this controls what your device is allowed to do.

For basic functionality, grant essential MQTT permissions:

Connect
Publish
Receive
Subscribe

To allow access to all MQTT topics, set the policy resource to * (wildcard), meaning it can interact with any topic.

Then select the policy and attach it to the thing once the policy is created. Now you can “Create Thing”

Be sure to download all of the files, we will use this when we set up Mosquitto locally so that we can properly authenticate with AWS. While we only need a couple of the files to perform the authentication process we still should keep and store all of them securely.

Click Done - We will revisit AWS later when we start sending data from our ESP32

Step 2-) Mosquitto Setup

AWS IoT does not support direct connections from ESPresense because it requires MQTT over TLS (port 8883) with authentication, which ESPresense doesn’t natively support. Mosquitto solves this by acting as an MQTT bridge—it receives ESPresense data locally over port 1883 (without encryption) and securely forwards it to AWS IoT over port 8883 with the required authentication and certificates.

Without Mosquitto, ESPresense wouldn’t be able to send data to AWS IoT.

All of the following commands shown in this section should be executed in a terminal (command line).

Mac: Use the Terminal application.
Linux: Use the built-in terminal.
Windows: Use Command Prompt (cmd) or PowerShell.

Make sure you have the appropriate terminal open before proceeding.

First… Install Mosquitto

On macOS, install Mosquitto using Homebrew:

brew install mosquitto
brew services start mosquitto

On Linux (Debian/Ubuntu):

sudo apt update
sudo apt install mosquitto mosquitto-clients
sudo systemctl enable mosquitto
sudo systemctl start mosquitto

On Windows, download Mosquitto from mosquitto.org and follow the installation instructions.

Next, Create a Mosquitto Password File

Since we will be setting up authentication in ESPresense, we need to make a password file:

On a macbook ->

mosquitto_passwd -c /opt/homebrew/etc/mosquitto/password_file Username

On a Linux ->

sudo mosquitto_passwd -c /etc/mosquitto/password_file Username

On a Windows ->

Open Command Prompt or PowerShell as Administrator.
Run:

mosquitto_passwd -c C:\Program Files\Mosquitto\password_file Username

Replace Username with the username you want, this can be anything of your choice. I used 12345 for both the username and password when I did this, since it was just for demo purposes.

Enter a password when prompted, this password will be used in ESPresense later to authenticate. Be sure to remember it.

Next, Modify the Mosquitto Configuration

After installing Mosquitto, edit its configuration file to allow external connections and set up the AWS bridge.

The Mosquitto configuration file (mosquitto.conf) is where you define how the MQTT broker behaves. It controls settings like:

Network access: Allowing external connections (listener 1883 0.0.0.0).
Authentication: Enabling username/password authentication.
Bridging: Forwarding MQTT messages to AWS IoT.
Logging: Configuring how Mosquitto records activity.

Editing this file allows you to customize Mosquitto to accept connections from ESPresense and securely bridge data to AWS IoT.

On macOS, open the config file:

nano /opt/homebrew/etc/mosquitto/mosquitto.conf

On Linux:

sudo nano /etc/mosquitto/mosquitto.conf

On Windows:

Open Command Prompt or PowerShell as Administrator.

cd "C:\Program Files\Mosquitto"

Open the configuration file in Notepad:

notepad mosquitto.conf

At the bottom of the file, add these lines:

listener 1883 0.0.0.0
allow_anonymous false
password_file /opt/homebrew/etc/mosquitto/password_file

# You need to replace the address
connection bridge-to-aws
address aj4voizogn7cc-ats.iot.us-east-1.amazonaws.com:8883

# Security settings - You need to replace these paths
bridge_cafile /Users/mahmoodshilleh/Downloads/AmazonRootCA1.pem
bridge_certfile /Users/mahmoodshilleh/Downloads/ba1409f77211e5cc28a9fa87d2387f7f9c80862f825757d793074b930be56f43-certificate.pem.crt
bridge_keyfile /Users/mahmoodshilleh/Downloads/ba1409f77211e5cc28a9fa87d2387f7f9c80862f825757d793074b930be56f43-private.pem.key

# Bridge settings
bridge_insecure false
try_private false
cleansession true
start_type automatic
notifications false
log_type all

# Topic forwarding - to forward mqtt data from devices topic
topic espresense/devices/# out 0

After adding the lines to your Mosquitto configuration file, make sure to update the following placeholders with your actual values:

password_file /opt/homebrew/etc/mosquitto/password_file
- Linux: /etc/mosquitto/password_file
- Windows: C:\Program Files\Mosquitto\password_file

If you are not using a Mac, change the path accordingly:

address aj4voizogn7cc-ats.iot.us-east-1.amazonaws.com:8883

Replace aj4voizogn7cc-ats.iot.us-east-1.amazonaws.com with your actual AWS IoT endpoint.
You can find this in the AWS IoT Core Console under Domain Configurations in AWS IoT Core. Copy the domain name.. See screenshot below

Certificate and Key File Paths:

Replace these with the actual paths where you downloaded your AWS IoT certificates:

bridge_cafile /path/to/AmazonRootCA1.pem
bridge_certfile /path/to/certificate.pem.crt
bridge_keyfile /path/to/private.pem.key

topic espresense/devices/# out 0

In your Mosquitto configuration, out 0 in the topic directive specifies how messages are forwarded between the local MQTT broker and the AWS IoT bridge.

out: This means messages published on the local broker (mosquitto) for espresense/devices/# will be forwarded outbound to AWS IoT.
0: This refers to the QoS (Quality of Service) level for the forwarded messages.

0: At most once (fire and forget, no guarantee of delivery).
1: At least once (message is retried until acknowledged).
2: Exactly once (ensures message is received only once).

What this means:

Your Mosquitto broker is set up to publish any messages from the local topic espresense/devices/# to AWS IoT with QoS 0, meaning there is no guarantee of message delivery (best effort).

If reliability is a concern, you might want to change 0 to 1 or 2, depending on your needs.

—

Save the file (Ctrl+X, then Y, then Enter in nano editor). Note that if you have never used terminal style text editors you can simply open the file in notepad or however you prefer opening regular text files and just modify them as you will. “Nano” is a terminal program that allows you to modify text in a file through the terminal, it is not necessarily needed

—

Restart Mosquitto to apply changes:

After modifying the configuration file, restart Mosquitto to apply the changes.

On macOS:

brew services restart mosquitto

On Linux:

sudo systemctl restart mosquitto

On Windows:

Open Command Prompt or PowerShell as Administrator.

Stop the Mosquitto service:
net stop mosquitto

Start the Mosquitto service again:
net start mosquitto

Alternatively, you can restart Mosquitto from the Services Manager:

Open services.msc
Find Mosquitto Broker
Right-click → Restart

Check if Mosquitto is Running

After restarting, verify that Mosquitto is running.

On macOS (see example output in my screenshot):

brew services list

On Linux:

systemctl status mosquitto

On Windows:

Open Command Prompt or PowerShell as Administrator.

Step 3-) ESPresence Setup

Now we will follow the steps to enable ESPresense per official documentation.

Visit https://espresense.com/firmware

Make sure your device is connected to your computer and click Connect, follow the steps to install the Firmware. Be sure to select the appropriate serial port. You can check the box to erase the device before installing!

Depending on your internet it could take several minutes to install, let it do its thing and wait until it is done.

Enter WiFi information when it is done. Select Connect. If it is not connecting or timing out we can skip this and add it later. This segment is a little buggy for some reason.

I recommend unplugging and plugging the device and revisiting the firmware page again at this point.

https://espresense.com/firmware

Select Connect once more. You should see an option to Visit Device, select that option.

You will see the configuration page. This is the last page we need to adjust and we should start seeing data.

Put “classroom” for the Room value. Or whatever you want to call the room. This is based on your preference for the room name.
Replace Username and Password with the same username and password we set in Mosquitto
Port should be 1883 for Mosquitto server.
The Server should be the IP address of your Mosquitto running on your local network. You can get your IP of your local machine as follows:

On macOS (You Already Did This)

Open Terminal.
ipconfig getifaddr en0

If using Wi-Fi, this returns something like: 192.168.4.25.

If using Ethernet, try:
ipconfig getifaddr en1

On Linux (Ubuntu/Debian/Raspberry Pi)

Open Terminal.

ip a | grep "inet " | grep -v 127.0.0.1

The output will show your local IP (192.168.x.x).

Ignore 127.0.0.1, that’s the loopback address (not your network IP).

Alternative method:

hostname -I | awk '{print $1}'

This returns only your local IP.

On Windows

Open Command Prompt (cmd).

Press Win + R, type cmd, hit Enter.

ipconfig

Look for "IPv4 Address" under your active network connection (Wi-Fi or Ethernet).

It will be something like 192.168.x.x.

At this point, once you entered your IP, go ahead and select Save and Restart Device.

Regardless,

check your subscription in AWS MQTT Test client , you should start see a tremendous amount of messages (See screenshot)

ESPresense Messages are Now Successfully Relaying to AWS IoT Core!

IMPORTANT: Be mindful of AWS charges. While AWS IoT Core offers a generous Free Tier, ESPresense generates a high volume of messages, which can lead to unexpected costs over time.

To optimize costs, consider filtering or throttling messages based on your use case. This can be done at the Mosquitto broker level or by implementing AWS IoT Rules to process only relevant data. You can stop messages by unplugging the device or stopping Mosquitto in the command line. Example: